Security Vulnerability - Novell iPrint Client "call-back-url" Buffer Overflow
This document (7006679) is provided subject to the disclaimer at the end of this document.
The vulnerability is caused by a boundary error in the handling of the "call-back-url" parameter value for a "op-client-interface-version" operation where the "result-type" parameter is set to "url". This can be exploited to cause a stack-based buffer overflow via an overly long "call-back-url" parameter value.
Successful exploitation allows execution of arbitrary code when a user visits a malicious website.
Found by Carsten Eiram, Secunia Research.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7006679
- Creation Date:19-AUG-10
- Modified Date:26-APR-12
Did this document solve your problem? Provide Feedback